(RADIATOR) EAP-TTLS
Steffen Hedegaard
ged at mdb.ku.dk
Thu Nov 8 06:58:09 CST 2007
Hi, i Am having some problems with a radiator 3.17.1 patched 18-6-07 setup
used for eap-ttls-pap authentication. I get so far as the server sends (and
the client receives) an access-accept package, and then the authentication
process just seems to start over. I have another radiator server running
3.15, which works with the same config file settings (minus the username
rewrite).
Radiator is installed as a service on a windows 2003 server with activeperl
5.8.8.820.
The config file, and trace 4 debug of a session, is at the end of the mail.
Best regard
Steffen Hedegaard
Foreground
LogStdout
LogDir C:\Program Files\Radiator
DbDir C:\Program Files\Radiator
DictionaryFile C:\Program Files\Radiator\dictionary
AuthPort 1812
AcctPort 1813
### Logginf options ###
# User a lower trace level in production systems:
Trace 4
<AuthLog FILE>
Identifier accountinglog
LogSuccess 1
LogFailure 1
SuccessFormat %l : %n : %N : %{NAS-Identifier} : OK
FailureFormat %l : %n : %N : %{NAS-Identifier} : Failed
Filename c:\program files\radiator\authlog
</AuthLog>
##########################################################################
# Clients #
##########################################################################
# JanP
<Client radius.another.dom.ain>
Secret mysecret
DupInterval 0
</client>
<Client radius2.another.dom.ain>
Secret mysecret
DupInterval 0
</client>
##########################################################################
# Authentication metoder og viderestillinger #
##########################################################################
### EAP-TTLS ###
<AuthBy FILE>
# auth af ydre request med eap-ttls, anonymous bruger
Identifier AD-sund-ttls
Filename C:/Program Files/Radiator/users
EAPType TTLS
EAPTLS_CAFile C:/Program Files/Radiator/radiusparent.cert
EAPTLS_CertificateType PEM
EAPTLS_CertificateFile C:/Program Files/Radiator/radius_my_dom_ain.cert
EAPTLS_PrivateKeyFile C:/Program Files/Radiator/radius_my_dom_ain.key
EAPTLS_PrivateKeyPassword
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
SSLeayTrace 4
</AuthBy>
<AuthBy LSA>
# Auth af brugere i Active Directory domænet my.root.dom.ain, inner request
Identifier AD-sund2-ttls
EAPType PAP
#AddToReply Service-Type=Framed-User,Framed-Protocol=PPP
</AuthBy>
### Forespørgsler der ryger til JanP
<AuthBy RADIUS>
Identifier EDUROAM
Host radius.xxx.xx.xx
Secret mysecret
FailureBackoffTime 10
Retries 0
RetryTimeout 6
AuthPort 1812
AcctPort 1813
</AuthBy>
##########################################################################
# Handlers #
##########################################################################
### EAP-TTLS
<Handler TunnelledByTTLS=1>
#nner request, vil altid være et lokalt domæne når vi når hertil.
RejectHasReason
#rewriter til @my.root.dom.ain
RewriteUsername s/^([^@]+).*/$1\@my.root.dom.ain/
AuthBy AD-sund2-ttls
AuthLog accountinglog
</Handler>
<Handler User-Name=anonymous at my.dom.ain>
#outer request, matcher username at my.dom.ain
AuthBy AD-sund-ttls
</Handler>
### Vidersendelse til central ku server
<Handler>
#default handler sender alt andet videre til janp's servere.
AuthBy EDUROAM
AuthLog accountinglog
</Handler>
Thu Nov 1 14:30:44 2007: DEBUG: Finished reading configuration file
'C:\Program Files\Radiator\radius.cfg'
Thu Nov 1 14:30:44 2007: DEBUG: Reading dictionary file 'C:\Program
Files\Radiator\dictionary'
Thu Nov 1 14:30:44 2007: DEBUG: Creating authentication port 0.0.0.0:1812
Thu Nov 1 14:30:44 2007: DEBUG: Creating accounting port 0.0.0.0:1813
Thu Nov 1 14:30:44 2007: NOTICE: Server started: Radiator 3.17.1 on Rad1
Thu Nov 1 14:31:34 2007: DEBUG: Packet dump:
*** Received from 130.225.126.187 port 1814 ....
Code: Access-Request
Identifier: 15
Authentic: <184><232><231>mn^<171><152>.<246><230><178>8Q)H
Attributes:
NAS-IP-Address = 192.168.199.12
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "anonymous at my.dom.ain"
Calling-Station-Id = "00-90-4B-BC-05-74"
Called-Station-Id = "00-11-85-50-3C-AF"
NAS-Identifier = "AP420.12"
EAP-Message = <2><1><0><25><1>anonymous at my.dom.ain
Message-Authenticator =
<149><191><24><8><156>h<21>I<153>n<16><235><16><152>Fm
Proxy-State = 18
Thu Nov 1 14:31:34 2007: DEBUG: Handling request with Handler
'User-Name=anonymous at my.dom.ain'
Thu Nov 1 14:31:34 2007: DEBUG: Deleting session for anonymous at my.dom.ain,
192.168.199.12, 0
Thu Nov 1 14:31:34 2007: DEBUG: Handling with Radius::AuthFILE:
AD-sund-ttls
Thu Nov 1 14:31:34 2007: DEBUG: Handling with EAP: code 2, 1, 25
Thu Nov 1 14:31:34 2007: DEBUG: Response type 1
Thu Nov 1 14:31:36 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
Thu Nov 1 14:31:36 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Thu Nov 1 14:31:36 2007: DEBUG: Access challenged for anonymous at my.dom.ain:
EAP TTLS Challenge
Thu Nov 1 14:31:36 2007: DEBUG: Packet dump:
*** Sending to 130.225.126.187 port 1814 ....
Code: Access-Challenge
Identifier: 15
Authentic: <184><232><231>mn^<171><152>.<246><230><178>8Q)H
Attributes:
EAP-Message = <1><2><0><6><21>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 18
Thu Nov 1 14:31:36 2007: DEBUG: Packet dump:
*** Received from 130.225.126.187 port 1814 ....
Code: Access-Request
Identifier: 16
Authentic: uh<29><168><201>q<249>`t<217><162><239><135><140>pt
Attributes:
NAS-IP-Address = 192.168.199.12
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "anonymous at my.dom.ain"
Calling-Station-Id = "00-90-4B-BC-05-74"
Called-Station-Id = "00-11-85-50-3C-AF"
NAS-Identifier = "AP420.12"
EAP-Message =
<2><2><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)<3><1>J<241><161><235><
236>N<201><153>:<166>V8<246><165><214>|<202><158><229><130><155><243>=<169><
157>~|<163>-<159>G<4><0><0><2><0><10><1><0>
Message-Authenticator =
x"<240>E<192>5<209><181>9<226><178>DU<1>f<242>
Proxy-State = 19
Thu Nov 1 14:31:36 2007: DEBUG: Handling request with Handler
'User-Name=anonymous at my.dom.ain'
Thu Nov 1 14:31:36 2007: DEBUG: Deleting session for anonymous at my.dom.ain,
192.168.199.12, 0
Thu Nov 1 14:31:36 2007: DEBUG: Handling with Radius::AuthFILE:
AD-sund-ttls
Thu Nov 1 14:31:36 2007: DEBUG: Handling with EAP: code 2, 2, 60
Thu Nov 1 14:31:36 2007: DEBUG: Response type 21
Thu Nov 1 14:31:37 2007: DEBUG: EAP TTLS data, 24576, 2, -1
Thu Nov 1 14:31:37 2007: DEBUG: EAP TTLS SSL_accept result: -1, 2, 8576
Thu Nov 1 14:31:37 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
Thu Nov 1 14:31:37 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Thu Nov 1 14:31:37 2007: DEBUG: Access challenged for anonymous at my.dom.ain:
EAP TTLS Challenge
Thu Nov 1 14:31:37 2007: DEBUG: Packet dump:
*** Sending to 130.225.126.187 port 1814 ....
Code: Access-Challenge
Identifier: 16
Authentic: uh<29><168><201>q<249>`t<217><162><239><135><140>pt
Attributes:
EAP-Message =
<1><3><3><242><21><192><0><0><6><206><22><3><1><0>J<2><0><0>F<3><1>G)<213>9<
239><248><230>z<147><174>K<18><158><190><247>\<16><209><169><240>7<180>ro<22
8>!<146><188><196><169><198><252>
+<187><195>Q<235><253><233><10>q<181>A<4><201><181><24><10><137><255>d1<19>6
<230>>K1<244><26><129>]><225><0><10><0><22><3><1><6>q<11><0><6>m<0><6>j<0><3
>@0<130><3><0<130><2><165><160><3><2><1><2><2><3><7><161><4>0<13><6><9>*<134
>H<134><247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6
><3>U<4><10><19><7>Equifax1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
Authority0<30><23><13>070625151303Z<23><13>090625151303Z0<129><198>1
EAP-Message =
<11>0<9><6><3>U<4><6><19><2>DK1<26>0<24><6><3>U<4><10><19><17>radius.my.dom.
ain1<19>0<17><6><3>U<4><11><19><10>GT28164278110/<6><3>U<4><11><19>(See
www.geotrust.com/resources/cps (c)071705<6><3>U<4><11><19>.Domain Control
Validated - QuickSSL
Premium(R)1<26>0<24><6><3>U<4><3><19><17>radius.my.dom.ain0<129><159>0<13><6
><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><
129><0><161><228><145>e<29><236>66<130><182><222>e<242><161>=<140>)<172><188
><235><227><220><135><233><15><24><197>
EAP-Message =
<11><5>]<181><173>J<129><161>v<202>,Z<20>L_$<127>5<129><169><246>L<196><179>
<230>c<165>i<246><190><22><135>j=<250>1,<127><152>n*<183>/<192><147><158>!<1
53><208>b<161><232><242><249><200><166><14>b<253>Q<151><249>?B<182><224><173
>}<253><30>u<<16>$#c<132>l<24><146>`<151>-!<207><140>E<240>1<208>N<155>2k0<1
75><19><26>:<227>Q<2><3><1><0><1><163><129><174>0<129><171>0<14><6><3>U<29><
15><1><1><255><4><4><3><2><4><240>0<29><6><3>U<29><14><4><22><4><20>mu<198>\
<205><133>'h|<146>6<205><193><238><159><243>y<154><134>g0:<6><3>U<29><31><4>
3010/<160>-<160>+<134>)http://crl.geotrust.com/crls/secureca.crl0<31><6><3>U
<29>#<4><24>0<22><128><20>H<230>h<249>+<210><178><149><215>G<216>#
<16>O3<152><144><159><212>0
EAP-Message =
<29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8>+<6><1><5><5><
7><3><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>N<12>
g&<165><9><228><207><146><20><161><244>m<208>9yD<155>8<140>)<159><178><168><
15>5<167>}<17><182><158>8l<238><18><181>tE<154><163><178>}<2><177><20>}<209>
hoJ<199>-<234>Ro3<26><127><3><209><222><178><175><152><248><179>kE<232>G(m<1
56>T<176><137>MN<201>
c<207><244>a-<230>@Y)<134>V<255>R<176>w<188>K3<202>Bwo<215>,<229>D<231>@<137
><184>h<177><143><176><12>3l<149>[<175>1<179><222>5<224>W<5><0><3>$0<130><3>
0<130><2><137><160><3><2><1><2><2><4>5<222><244><207>0<13><6><9>*<134>H<134>
<247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4
><10><19><7>Equifax1-0+
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 19
Thu Nov 1 14:31:37 2007: DEBUG: Packet dump:
*** Received from 130.225.126.187 port 1814 ....
Code: Access-Request
Identifier: 17
Authentic: c<1><217>.+<16><23><19><157><3>9Z<209>?<28>a
Attributes:
NAS-IP-Address = 192.168.199.12
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "anonymous at my.dom.ain"
Calling-Station-Id = "00-90-4B-BC-05-74"
Called-Station-Id = "00-11-85-50-3C-AF"
NAS-Identifier = "AP420.12"
EAP-Message = <2><3><0><6><21><0>
Message-Authenticator =
<130><166><173>(}<229>#I<189><171>}6<247>><139><247>
Proxy-State = 20
Thu Nov 1 14:31:37 2007: DEBUG: Handling request with Handler
'User-Name=anonymous at my.dom.ain'
Thu Nov 1 14:31:37 2007: DEBUG: Deleting session for anonymous at my.dom.ain,
192.168.199.12, 0
Thu Nov 1 14:31:37 2007: DEBUG: Handling with Radius::AuthFILE:
AD-sund-ttls
Thu Nov 1 14:31:37 2007: DEBUG: Handling with EAP: code 2, 3, 6
Thu Nov 1 14:31:37 2007: DEBUG: Response type 21
Thu Nov 1 14:31:37 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
Thu Nov 1 14:31:37 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Thu Nov 1 14:31:37 2007: DEBUG: Access challenged for anonymous at my.dom.ain:
EAP TTLS Challenge
Thu Nov 1 14:31:37 2007: DEBUG: Packet dump:
*** Sending to 130.225.126.187 port 1814 ....
Code: Access-Challenge
Identifier: 17
Authentic: c<1><217>.+<16><23><19><157><3>9Z<209>?<28>a
Attributes:
EAP-Message = <1><4><2><236><21><0><6><3>U<4><11><19>$Equifax Secure
Certificate
Authority0<30><23><13>980822164151Z<23><13>180822164151Z0N1<11>0<9><6><3>U<4
><6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax1-0+<6><3>U<4><11><19>$Eq
uifax Secure Certificate
Authority0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><
141><0>0<129><137><2><129><129><0><193>]<177>Xg<8>b<238><160><154>-<31><8>m<
145><20>h<152><10><30><254><218><4>o<19><132>b!<195><209>|<206><159><5><224>
<184><1><240>N4<236><226><138><149><4>d<172><241>kS_<5><179><203>g<128><191>
B<2><142><254><221><1>
EAP-Message =
<9><236><225><0><20>O<252><251><240><12><221>C<186>[+<225><31><128>p<153><21
>W<147><22><241><15><151>j<183><194>h#<28><204>MY0<172>Q<30>;<175>+<214><238
>cE{<197><217>_P<210><227>P<15>:<136><231><191><20><253><224><199><185><2><3
><1><0><1><163><130><1><9>0<130><1><5>0p<6><3>U<29><31><4>i0g0e<160>c<160>a<
164>_0]1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax
1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
Authority1<13>0<11><6><3>U<4><3><19><4>CRL10<26><6><3>U<29><16><4><19>0<17><
129><15>20180822164151Z0<11><6><3>U<29><15><4><4><3><2><1><6>0<31><6><3>U<29
>#<4><24>0<22><128><20>H<230>h<249>+<210><178>
EAP-Message = <149><215>G<216>#
<16>O3<152><144><159><212>0<29><6><3>U<29><14><4><22><4><20>H<230>h<249>+<21
0><178><149><215>G<216>#
<16>O3<152><144><159><212>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<26><6><
9>*<134>H<134><246>}<7>A<0><4><13>0<11><27><5>V3.0c<3><2><6><192>0<13><6><9>
*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>X<206>)<234><252><247><2
22><181><206><2><185><23><181><133><209><185><227><224><149><204>%1<13><0><1
66><146>n<127><182><146>c<158>P<149><209><154>o<228><17><222>c<133>n<152><23
8><168><255>Z<200><211>U<178>fqW<222><192>!<235>=*<167>#I<1><4><134>B{<252><
238><127><162><22>R<181>gg<211>@<219>;&X<178>(w=<174><20>wa<214><250>*f'<160
><13><250><167>s\<234>p<241><148>!eD_<250><252><239>)h<169><162><135>y<239>y
<239>O<172><7>w8<22><3><1><0><4><14><0><0><0>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 20
Thu Nov 1 14:31:37 2007: DEBUG: Packet dump:
*** Received from 130.225.126.187 port 1814 ....
Code: Access-Request
Identifier: 18
Authentic: <14>R<206><208>5<28><171>SiU<251><167>/2\<249>
Attributes:
NAS-IP-Address = 192.168.199.12
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "anonymous at my.dom.ain"
Calling-Station-Id = "00-90-4B-BC-05-74"
Called-Station-Id = "00-11-85-50-3C-AF"
NAS-Identifier = "AP420.12"
EAP-Message =
<2><4><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130><0><12
8><1>`h<199><199><4>^<174><164><151>~<244><171><132><133>zt<133>@<250><10><2
43><24>9<231><201>XW(<20><247>u1<175><15><158>D<23><177><176><227>J<239><136
>|"<173><240><127><29><199><248>W<132><170>x<168><25>\.<152>C<12><136><224><
239><133>1<25><196><139>.<30><209><^ju<129><138><167><139><167>C<18><136><6>
<24><127><227><18><199><174><10><21><4><170><184>(<244><169>Yr<132><156><227
><<221><28><19><247>J|<5>]"<140>2=<216><249>Y<239><248>xH<187><4><20><3><1><
0><1><1><22><3><1><0>(<31><254><195>~<195><146><185><240>5k<199><139><148><0
><28><16><243><22>-Y<147><228>m<248><242><168>c<232>"<179>Bz<18>n\<134><145>
<165><181>i
Message-Authenticator =
zbh<164>S<136><217><166><154><208><159>l<253><168>[<228>
Proxy-State = 21
Thu Nov 1 14:31:37 2007: DEBUG: Handling request with Handler
'User-Name=anonymous at my.dom.ain'
Thu Nov 1 14:31:37 2007: DEBUG: Deleting session for anonymous at my.dom.ain,
192.168.199.12, 0
Thu Nov 1 14:31:37 2007: DEBUG: Handling with Radius::AuthFILE:
AD-sund-ttls
Thu Nov 1 14:31:37 2007: DEBUG: Handling with EAP: code 2, 4, 200
Thu Nov 1 14:31:37 2007: DEBUG: Response type 21
Thu Nov 1 14:31:37 2007: DEBUG: EAP TTLS data, 8576, 4, 2
Thu Nov 1 14:31:37 2007: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
Thu Nov 1 14:31:37 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
Thu Nov 1 14:31:37 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Thu Nov 1 14:31:37 2007: DEBUG: Access challenged for anonymous at my.dom.ain:
EAP TTLS Challenge
Thu Nov 1 14:31:37 2007: DEBUG: Packet dump:
*** Sending to 130.225.126.187 port 1814 ....
Code: Access-Challenge
Identifier: 18
Authentic: <14>R<206><208>5<28><171>SiU<251><167>/2\<249>
Attributes:
EAP-Message =
<1><5><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>(<245><169><31>
<244><212><232><243><148><251><200>F<149><246><205>)<16><167><153><242><189>
<28>q8<236>3`i<233><172><186><142>P:<129><176>D'<5>?<30>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 21
Thu Nov 1 14:31:37 2007: DEBUG: Packet dump:
*** Received from 130.225.126.187 port 1814 ....
Code: Access-Request
Identifier: 19
Authentic: <4><5><212><138><228>ocOQb<222>+y<127>y<20>
Attributes:
NAS-IP-Address = 192.168.199.12
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "anonymous at my.dom.ain"
Calling-Station-Id = "00-90-4B-BC-05-74"
Called-Station-Id = "00-11-85-50-3C-AF"
NAS-Identifier = "AP420.12"
EAP-Message =
<2><5><0>W<21><128><0><0><0>M<23><3><1><0>H<226><170><167>mQ<193><138><224>(
<16><27><252>iq<140><231>Y03:<187>7/aQ5<148>|<250><226>o<170><154><7>=W<243>
<142>!}<251>a<178>J<133><240><145>^]<156>]<183><190>M<219><176><18>Z<1>h<142
>f<150><153>#<229><207><182><234>"<139><205>
Message-Authenticator =
<170><219>/+<139><233>{<224><149>><222><137>$<228>t<238>
Proxy-State = 22
Thu Nov 1 14:31:37 2007: DEBUG: Handling request with Handler
'User-Name=anonymous at my.dom.ain'
Thu Nov 1 14:31:37 2007: DEBUG: Deleting session for anonymous at my.dom.ain,
192.168.199.12, 0
Thu Nov 1 14:31:37 2007: DEBUG: Handling with Radius::AuthFILE:
AD-sund-ttls
Thu Nov 1 14:31:37 2007: DEBUG: Handling with EAP: code 2, 5, 87
Thu Nov 1 14:31:37 2007: DEBUG: Response type 21
Thu Nov 1 14:31:37 2007: DEBUG: EAP TTLS data, 3, 5, 4
Thu Nov 1 14:31:37 2007: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: UNDEF
Identifier: UNDEF
Authentic: UNDEF
Attributes:
User-Name = "test at my.dom.ain"
User-Password = ******
Thu Nov 1 14:31:37 2007: DEBUG: EAP TTLS inner authentication request for
test at my.dom.ain
Thu Nov 1 14:31:37 2007: DEBUG: Handling request with Handler
'TunnelledByTTLS=1'
Thu Nov 1 14:31:37 2007: DEBUG: Rewrote user name to
test at my.rewrite.dom.ain
Thu Nov 1 14:31:37 2007: DEBUG: Deleting session for test at my.dom.ain,
192.168.199.12,
Thu Nov 1 14:31:37 2007: DEBUG: Handling with Radius::AuthLSA:
AD-sund2-ttls
Thu Nov 1 14:31:37 2007: DEBUG: Radius::AuthLSA looks for match with
test at my.rewrite.dom.ain [test at my.dom.ain]
Thu Nov 1 14:31:37 2007: DEBUG: Radius::AuthLSA ACCEPT: :
test at my.rewrite.dom.ain [test at my.dom.ain]
Thu Nov 1 14:31:37 2007: DEBUG: AuthBy LSA result: ACCEPT,
Thu Nov 1 14:31:37 2007: DEBUG: Access accepted for test at my.rewrite.dom.ain
Thu Nov 1 14:31:37 2007: DEBUG: Returned TTLS tunnelled Diameter Packet
dump:
Code: Access-Accept
Identifier: UNDEF
Authentic: <5><252><249>X<204><131>ID<189><166><190><8><230>J<2><4>
Attributes:
Thu Nov 1 14:31:37 2007: DEBUG: EAP result: 0, EAP TTLS inner
authentication redespatched to a Handler
Thu Nov 1 14:31:37 2007: DEBUG: AuthBy FILE result: ACCEPT, EAP TTLS inner
authentication redespatched to a Handler
Thu Nov 1 14:31:37 2007: DEBUG: Access accepted for anonymous at my.dom.ain
Thu Nov 1 14:31:37 2007: DEBUG: Packet dump:
*** Sending to 130.225.126.187 port 1814 ....
Code: Access-Accept
Identifier: 19
Authentic: <4><5><212><138><228>ocOQb<222>+y<127>y<20>
Attributes:
MS-MPPE-Send-Key =
<235><175><237>1RP<249>W<221>=<7>1<142><30><170><170><138><19>zU<228><156>"<
13>o<10><8><15>?m<4><220><158>zV<141><133><255><174><211><197>0<171><20>2<13
6><212><6><167><130>
MS-MPPE-Recv-Key =
<172>Y8<244><3><157><251>9<135><238><208><212><161>G<17>D<194>H<225>r<142>X<
207>f<147>!<217>5G<231><24><166>U<215>DGX<240>U<12><129><129><230><245><174>
gV<237><15>l
EAP-Message = <3><5><0><4>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 22
Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
*** Received from 130.225.126.187 port 1814 ....
Code: Access-Request
Identifier: 20
Authentic: b<31><141><147><153><179>d,><138><239>o<134><12>^l
Attributes:
NAS-IP-Address = 192.168.199.12
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "anonymous at my.dom.ain"
Calling-Station-Id = "00-90-4B-BC-05-74"
Called-Station-Id = "00-11-85-50-3C-AF"
NAS-Identifier = "AP420.12"
EAP-Message = <2><1><0><25><1>anonymous at my.dom.ain
Message-Authenticator =
<0><175><221>u<174>A<156>Qu<151><195>*c<12>Q<137>
Proxy-State = 23
Thu Nov 1 14:32:14 2007: DEBUG: Handling request with Handler
'User-Name=anonymous at my.dom.ain'
Thu Nov 1 14:32:14 2007: DEBUG: Deleting session for anonymous at my.dom.ain,
192.168.199.12, 0
Thu Nov 1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
AD-sund-ttls
Thu Nov 1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 1, 25
Thu Nov 1 14:32:14 2007: DEBUG: Response type 1
Thu Nov 1 14:32:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
Thu Nov 1 14:32:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Thu Nov 1 14:32:14 2007: DEBUG: Access challenged for anonymous at my.dom.ain:
EAP TTLS Challenge
Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
*** Sending to 130.225.126.187 port 1814 ....
Code: Access-Challenge
Identifier: 20
Authentic: b<31><141><147><153><179>d,><138><239>o<134><12>^l
Attributes:
EAP-Message = <1><2><0><6><21>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 23
Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
*** Received from 130.225.126.187 port 1814 ....
Code: Access-Request
Identifier: 21
Authentic: <144><159><203><151>in<181><136><141>oR<146>b*<238>Y
Attributes:
NAS-IP-Address = 192.168.199.12
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "anonymous at my.dom.ain"
Calling-Station-Id = "00-90-4B-BC-05-74"
Called-Station-Id = "00-11-85-50-3C-AF"
NAS-Identifier = "AP420.12"
EAP-Message =
<2><2><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)<3><1>6/<139><140>$!<16
1>x_<222><143><183><248><232>n<147><<190><158><187><235><2>t<209><231>d"<194
>E<144><4>0<0><0><2><0><10><1><0>
Message-Authenticator =
<143>`s<187>w<138>E<253><179><204><11>q<252><202><253><245>
Proxy-State = 24
Thu Nov 1 14:32:14 2007: DEBUG: Handling request with Handler
'User-Name=anonymous at my.dom.ain'
Thu Nov 1 14:32:14 2007: DEBUG: Deleting session for anonymous at my.dom.ain,
192.168.199.12, 0
Thu Nov 1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
AD-sund-ttls
Thu Nov 1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 2, 60
Thu Nov 1 14:32:14 2007: DEBUG: Response type 21
Thu Nov 1 14:32:14 2007: DEBUG: EAP TTLS data, 24576, 2, -1
Thu Nov 1 14:32:14 2007: DEBUG: EAP TTLS SSL_accept result: -1, 2, 8576
Thu Nov 1 14:32:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
Thu Nov 1 14:32:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Thu Nov 1 14:32:14 2007: DEBUG: Access challenged for anonymous at my.dom.ain:
EAP TTLS Challenge
Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
*** Sending to 130.225.126.187 port 1814 ....
Code: Access-Challenge
Identifier: 21
Authentic: <144><159><203><151>in<181><136><141>oR<146>b*<238>Y
Attributes:
EAP-Message =
<1><3><3><242><21><192><0><0><6><206><22><3><1><0>J<2><0><0>F<3><1>G)<213>^K
w[Tan.^<9><255>G<253>e<157><214><198> <172>2<9><239>P<27>Rp[:<205>
S<13>4HW<13><128><213>{<167>4L=<3><175><6><15><134><192><252><180>6<204><19>
<1><229><251><15><171><163>R5<0><10><0><22><3><1><6>q<11><0><6>m<0><6>j<0><3
>@0<130><3><0<130><2><165><160><3><2><1><2><2><3><7><161><4>0<13><6><9>*<134
>H<134><247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6
><3>U<4><10><19><7>Equifax1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
Authority0<30><23><13>070625151303Z<23><13>090625151303Z0<129><198>1
EAP-Message =
<11>0<9><6><3>U<4><6><19><2>DK1<26>0<24><6><3>U<4><10><19><17>radius.my.dom.
ain1<19>0<17><6><3>U<4><11><19><10>GT28164278110/<6><3>U<4><11><19>(See
www.geotrust.com/resources/cps (c)071705<6><3>U<4><11><19>.Domain Control
Validated - QuickSSL
Premium(R)1<26>0<24><6><3>U<4><3><19><17>radius.my.dom.ain0<129><159>0<13><6
><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><
129><0><161><228><145>e<29><236>66<130><182><222>e<242><161>=<140>)<172><188
><235><227><220><135><233><15><24><197>
EAP-Message =
<11><5>]<181><173>J<129><161>v<202>,Z<20>L_$<127>5<129><169><246>L<196><179>
<230>c<165>i<246><190><22><135>j=<250>1,<127><152>n*<183>/<192><147><158>!<1
53><208>b<161><232><242><249><200><166><14>b<253>Q<151><249>?B<182><224><173
>}<253><30>u<<16>$#c<132>l<24><146>`<151>-!<207><140>E<240>1<208>N<155>2k0<1
75><19><26>:<227>Q<2><3><1><0><1><163><129><174>0<129><171>0<14><6><3>U<29><
15><1><1><255><4><4><3><2><4><240>0<29><6><3>U<29><14><4><22><4><20>mu<198>\
<205><133>'h|<146>6<205><193><238><159><243>y<154><134>g0:<6><3>U<29><31><4>
3010/<160>-<160>+<134>)http://crl.geotrust.com/crls/secureca.crl0<31><6><3>U
<29>#<4><24>0<22><128><20>H<230>h<249>+<210><178><149><215>G<216>#
<16>O3<152><144><159><212>0
EAP-Message =
<29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8>+<6><1><5><5><
7><3><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>N<12>
g&<165><9><228><207><146><20><161><244>m<208>9yD<155>8<140>)<159><178><168><
15>5<167>}<17><182><158>8l<238><18><181>tE<154><163><178>}<2><177><20>}<209>
hoJ<199>-<234>Ro3<26><127><3><209><222><178><175><152><248><179>kE<232>G(m<1
56>T<176><137>MN<201>
c<207><244>a-<230>@Y)<134>V<255>R<176>w<188>K3<202>Bwo<215>,<229>D<231>@<137
><184>h<177><143><176><12>3l<149>[<175>1<179><222>5<224>W<5><0><3>$0<130><3>
0<130><2><137><160><3><2><1><2><2><4>5<222><244><207>0<13><6><9>*<134>H<134>
<247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4
><10><19><7>Equifax1-0+
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 24
Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
*** Received from 130.225.126.187 port 1814 ....
Code: Access-Request
Identifier: 22
Authentic: <201><0><251><16><177><140>~<13><171><23><253><139>&n<176>k
Attributes:
NAS-IP-Address = 192.168.199.12
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "anonymous at my.dom.ain"
Calling-Station-Id = "00-90-4B-BC-05-74"
Called-Station-Id = "00-11-85-50-3C-AF"
NAS-Identifier = "AP420.12"
EAP-Message = <2><3><0><6><21><0>
Message-Authenticator =
<2><149>^<128><194><247>iY<128><172><181><183>C<218>E<127>
Proxy-State = 25
Thu Nov 1 14:32:14 2007: DEBUG: Handling request with Handler
'User-Name=anonymous at my.dom.ain'
Thu Nov 1 14:32:14 2007: DEBUG: Deleting session for anonymous at my.dom.ain,
192.168.199.12, 0
Thu Nov 1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
AD-sund-ttls
Thu Nov 1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 3, 6
Thu Nov 1 14:32:14 2007: DEBUG: Response type 21
Thu Nov 1 14:32:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
Thu Nov 1 14:32:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Thu Nov 1 14:32:14 2007: DEBUG: Access challenged for anonymous at my.dom.ain:
EAP TTLS Challenge
Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
*** Sending to 130.225.126.187 port 1814 ....
Code: Access-Challenge
Identifier: 22
Authentic: <201><0><251><16><177><140>~<13><171><23><253><139>&n<176>k
Attributes:
EAP-Message = <1><4><2><236><21><0><6><3>U<4><11><19>$Equifax Secure
Certificate
Authority0<30><23><13>980822164151Z<23><13>180822164151Z0N1<11>0<9><6><3>U<4
><6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax1-0+<6><3>U<4><11><19>$Eq
uifax Secure Certificate
Authority0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><
141><0>0<129><137><2><129><129><0><193>]<177>Xg<8>b<238><160><154>-<31><8>m<
145><20>h<152><10><30><254><218><4>o<19><132>b!<195><209>|<206><159><5><224>
<184><1><240>N4<236><226><138><149><4>d<172><241>kS_<5><179><203>g<128><191>
B<2><142><254><221><1>
EAP-Message =
<9><236><225><0><20>O<252><251><240><12><221>C<186>[+<225><31><128>p<153><21
>W<147><22><241><15><151>j<183><194>h#<28><204>MY0<172>Q<30>;<175>+<214><238
>cE{<197><217>_P<210><227>P<15>:<136><231><191><20><253><224><199><185><2><3
><1><0><1><163><130><1><9>0<130><1><5>0p<6><3>U<29><31><4>i0g0e<160>c<160>a<
164>_0]1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax
1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
Authority1<13>0<11><6><3>U<4><3><19><4>CRL10<26><6><3>U<29><16><4><19>0<17><
129><15>20180822164151Z0<11><6><3>U<29><15><4><4><3><2><1><6>0<31><6><3>U<29
>#<4><24>0<22><128><20>H<230>h<249>+<210><178>
EAP-Message = <149><215>G<216>#
<16>O3<152><144><159><212>0<29><6><3>U<29><14><4><22><4><20>H<230>h<249>+<21
0><178><149><215>G<216>#
<16>O3<152><144><159><212>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<26><6><
9>*<134>H<134><246>}<7>A<0><4><13>0<11><27><5>V3.0c<3><2><6><192>0<13><6><9>
*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>X<206>)<234><252><247><2
22><181><206><2><185><23><181><133><209><185><227><224><149><204>%1<13><0><1
66><146>n<127><182><146>c<158>P<149><209><154>o<228><17><222>c<133>n<152><23
8><168><255>Z<200><211>U<178>fqW<222><192>!<235>=*<167>#I<1><4><134>B{<252><
238><127><162><22>R<181>gg<211>@<219>;&X<178>(w=<174><20>wa<214><250>*f'<160
><13><250><167>s\<234>p<241><148>!eD_<250><252><239>)h<169><162><135>y<239>y
<239>O<172><7>w8<22><3><1><0><4><14><0><0><0>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 25
Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
*** Received from 130.225.126.187 port 1814 ....
Code: Access-Request
Identifier: 23
Authentic: <144><191><212>.<230><252><158><181><146><210><132>W<129>7<189>H
Attributes:
NAS-IP-Address = 192.168.199.12
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "anonymous at my.dom.ain"
Calling-Station-Id = "00-90-4B-BC-05-74"
Called-Station-Id = "00-11-85-50-3C-AF"
NAS-Identifier = "AP420.12"
EAP-Message =
<2><4><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130><0><12
8>]<157><4><134>v=<162><129>Z<164><28>v<215>:b<221><199><192><182>|X<213>I<1
47>C<140>rh<9><171><221>V<14><16><131><137><206><248><150><136><6><214>hW<18
7><167>DP#<146><132><194>U<1><3><244><160><142>4<161><209><141>v]B<236><8><1
6><222><156><4><205><220><6><163><237><241><16>,!<251>f<215><171><170>MP<143
><204><147><192><201><181><4>rL<171>1<159>M<244><15>Y<31><129>DX<201><127><1
67><204><128><208>?U<31><253><242><222><142>A`v<142>j<199><24>,<20><3><1><0>
<1><1><22><3><1><0>(=!<205><136>$_<215>>h<220><171><4>K<234><233>i]<220><195
>X<137><224>Z+#q8<219><167><236><233><169><184><183><242><209><131><179><153
><133>
Message-Authenticator =
<243><229><190><11>_<250><129><186><14>'<177>r<201><238>*0
Proxy-State = 26
Thu Nov 1 14:32:14 2007: DEBUG: Handling request with Handler
'User-Name=anonymous at my.dom.ain'
Thu Nov 1 14:32:14 2007: DEBUG: Deleting session for anonymous at my.dom.ain,
192.168.199.12, 0
Thu Nov 1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
AD-sund-ttls
Thu Nov 1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 4, 200
Thu Nov 1 14:32:14 2007: DEBUG: Response type 21
Thu Nov 1 14:32:14 2007: DEBUG: EAP TTLS data, 8576, 4, 2
Thu Nov 1 14:32:14 2007: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
Thu Nov 1 14:32:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
Thu Nov 1 14:32:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Thu Nov 1 14:32:14 2007: DEBUG: Access challenged for anonymous at my.dom.ain:
EAP TTLS Challenge
Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
*** Sending to 130.225.126.187 port 1814 ....
Code: Access-Challenge
Identifier: 23
Authentic: <144><191><212>.<230><252><158><181><146><210><132>W<129>7<189>H
Attributes:
EAP-Message =
<1><5><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>({<134><13><148
><188>s<189><7><15>^<186><146><131><255><2><227><211>1e<188><21><142>Q<215><
134>N2<140><162><203><240><249><180><201><9>z[<157>+<141>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 26
Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
*** Received from 130.225.126.187 port 1814 ....
Code: Access-Request
Identifier: 24
Authentic: <192><17><216>P)<175><27><145><171>.<169>A<155><181>y<11>
Attributes:
NAS-IP-Address = 192.168.199.12
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "anonymous at my.dom.ain"
Calling-Station-Id = "00-90-4B-BC-05-74"
Called-Station-Id = "00-11-85-50-3C-AF"
NAS-Identifier = "AP420.12"
EAP-Message =
<2><5><0>W<21><128><0><0><0>M<23><3><1><0>H<207><235>)K<16>=<193><236>f<205>
<15><148><8>A<147><214><142><211><220><21>TJ<135><183>I,<217><145>&;<2><<151
>Z<145>x<26><181><163><152><129><142><142>`x<29>I:<247>2-B<224>p<22><131><17
><247><221><203><203><202><248><254><15><220><232>"M,A<158>
Message-Authenticator =
s<247>U<31><6><253><133>e<203>C;<29><15><24><17><183>
Proxy-State = 27
Thu Nov 1 14:32:14 2007: DEBUG: Handling request with Handler
'User-Name=anonymous at my.dom.ain'
Thu Nov 1 14:32:14 2007: DEBUG: Deleting session for anonymous at my.dom.ain,
192.168.199.12, 0
Thu Nov 1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
AD-sund-ttls
Thu Nov 1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 5, 87
Thu Nov 1 14:32:14 2007: DEBUG: Response type 21
Thu Nov 1 14:32:14 2007: DEBUG: EAP TTLS data, 3, 5, 4
Thu Nov 1 14:32:14 2007: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: UNDEF
Identifier: UNDEF
Authentic: UNDEF
Attributes:
User-Name = "test at my.dom.ain"
User-Password = ******
Thu Nov 1 14:32:14 2007: DEBUG: EAP TTLS inner authentication request for
test at my.dom.ain
Thu Nov 1 14:32:14 2007: DEBUG: Handling request with Handler
'TunnelledByTTLS=1'
Thu Nov 1 14:32:14 2007: DEBUG: Rewrote user name to
test at my.rewrite.dom.ain
Thu Nov 1 14:32:14 2007: DEBUG: Deleting session for test at my.dom.ain,
192.168.199.12,
Thu Nov 1 14:32:14 2007: DEBUG: Handling with Radius::AuthLSA:
AD-sund2-ttls
Thu Nov 1 14:32:14 2007: DEBUG: Radius::AuthLSA looks for match with
test at my.rewrite.dom.ain [test at my.dom.ain]
Thu Nov 1 14:32:14 2007: DEBUG: Radius::AuthLSA ACCEPT: :
test at my.rewrite.dom.ain [test at my.dom.ain]
Thu Nov 1 14:32:14 2007: DEBUG: AuthBy LSA result: ACCEPT,
Thu Nov 1 14:32:14 2007: DEBUG: Access accepted for test at my.rewrite.dom.ain
Thu Nov 1 14:32:14 2007: DEBUG: Returned TTLS tunnelled Diameter Packet
dump:
Code: Access-Accept
Identifier: UNDEF
Authentic:
<219><13><5><149><152><154><127>r<2><176>5<131><222><243><232><252>
Attributes:
Thu Nov 1 14:32:14 2007: DEBUG: EAP result: 0, EAP TTLS inner
authentication redespatched to a Handler
Thu Nov 1 14:32:14 2007: DEBUG: AuthBy FILE result: ACCEPT, EAP TTLS inner
authentication redespatched to a Handler
Thu Nov 1 14:32:14 2007: DEBUG: Access accepted for anonymous at my.dom.ain
Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
*** Sending to 130.225.126.187 port 1814 ....
Code: Access-Accept
Identifier: 24
Authentic: <192><17><216>P)<175><27><145><171>.<169>A<155><181>y<11>
Attributes:
MS-MPPE-Send-Key =
<173><127>|<231>;<251>-<1>7<173>D<188><229>T<241>`<207>j'<221><231><183>PJ<2
22><168><178><221><130>:<17><1><161>O<12><236><179>1C<251><18>xs,<143><28><2
34>}<169><196>
MS-MPPE-Recv-Key =
<128><139>'`}L<199><144><163><160><29><211><251>B<247>4<250>9P<229><247><159
><0>`U<19><19><132><253><133><132>`<139><220>4<197>0<220>`g\<228>)?~<29>*g<1
90><191>
EAP-Message = <3><5><0><4>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 27
Thu Nov 1 14:32:51 2007: DEBUG: Packet dump:
*** Received from 130.225.126.187 port 1814 ....
Code: Access-Request
Identifier: 25
Authentic: <176><222><204><233><130><228>"<154>S<209>.<186>z<134><163>,
Attributes:
NAS-IP-Address = 192.168.199.12
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "anonymous at my.dom.ain"
Calling-Station-Id = "00-90-4B-BC-05-74"
Called-Station-Id = "00-11-85-50-3C-AF"
NAS-Identifier = "AP420.12"
EAP-Message = <2><1><0><25><1>anonymous at my.dom.ain
Message-Authenticator =
<173>g<156><4>{<3><169>i<185>j<148>R<235><193><24><145>
Proxy-State = 28
Thu Nov 1 14:32:51 2007: DEBUG: Handling request with Handler
'User-Name=anonymous at my.dom.ain'
Thu Nov 1 14:32:51 2007: DEBUG: Deleting session for anonymous at my.dom.ain,
192.168.199.12, 0
Thu Nov 1 14:32:51 2007: DEBUG: Handling with Radius::AuthFILE:
AD-sund-ttls
Thu Nov 1 14:32:51 2007: DEBUG: Handling with EAP: code 2, 1, 25
Thu Nov 1 14:32:51 2007: DEBUG: Response type 1
Thu Nov 1 14:32:51 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
Thu Nov 1 14:32:51 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Thu Nov 1 14:32:51 2007: DEBUG: Access challenged for anonymous at my.dom.ain:
EAP TTLS Challenge
Thu Nov 1 14:32:51 2007: DEBUG: Packet dump:
*** Sending to 130.225.126.187 port 1814 ....
Code: Access-Challenge
Identifier: 25
Authentic: <176><222><204><233><130><228>"<154>S<209>.<186>z<134><163>,
Attributes:
EAP-Message = <1><2><0><6><21>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 28
Thu Nov 1 14:32:51 2007: DEBUG: Packet dump:
*** Received from 130.225.126.187 port 1814 ....
Code: Access-Request
Identifier: 26
Authentic: <246><164><13><232><195><229>&<190><220>q<9><190><144><165>U<
Attributes:
NAS-IP-Address = 192.168.199.12
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "anonymous at my.dom.ain"
Calling-Station-Id = "00-90-4B-BC-05-74"
Called-Station-Id = "00-11-85-50-3C-AF"
NAS-Identifier = "AP420.12"
EAP-Message =
<2><2><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)<3><1>F<186><230><0><23
4><178><16>h||<6><25><145><189><232><138><193><160><194>p<240><239><14><24><
197><246>r<246><206>GV<154><0><0><2><0><10><1><0>
Message-Authenticator =
<246><249>Z<220><232><134>]<208><221>(<31>x<181><31>X<13>
Proxy-State = 29
Thu Nov 1 14:32:51 2007: DEBUG: Handling request with Handler
'User-Name=anonymous at my.dom.ain'
Thu Nov 1 14:32:51 2007: DEBUG: Deleting session for anonymous at my.dom.ain,
192.168.199.12, 0
Thu Nov 1 14:32:51 2007: DEBUG: Handling with Radius::AuthFILE:
AD-sund-ttls
Thu Nov 1 14:32:51 2007: DEBUG: Handling with EAP: code 2, 2, 60
Thu Nov 1 14:32:51 2007: DEBUG: Response type 21
Thu Nov 1 14:32:51 2007: DEBUG: EAP TTLS data, 24576, 2, -1
Thu Nov 1 14:32:51 2007: DEBUG: EAP TTLS SSL_accept result: -1, 2, 8576
Thu Nov 1 14:32:51 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
Thu Nov 1 14:32:51 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Thu Nov 1 14:32:51 2007: DEBUG: Access challenged for anonymous at my.dom.ain:
EAP TTLS Challenge
Thu Nov 1 14:32:51 2007: DEBUG: Packet dump:
*** Sending to 130.225.126.187 port 1814 ....
Code: Access-Challenge
Identifier: 26
Authentic: <246><164><13><232><195><229>&<190><220>q<9><190><144><165>U<
Attributes:
EAP-Message =
<1><3><3><242><21><192><0><0><6><206><22><3><1><0>J<2><0><0>F<3><1>G)<213><1
31><225><182><247>9,<220><8>}*<136>]i<243>B<31>jo<27>E<160>H<127>_<195><18><
185>]<229>
<25>W<203><228>_<12><208>)<156><170>>$<18>I';<6>g'<181><236><130>k<243>_<22>
&+<223>$<237><8><0><10><0><22><3><1><6>q<11><0><6>m<0><6>j<0><3>@0<130><3><0
<130><2><165><160><3><2><1><2><2><3><7><161><4>0<13><6><9>*<134>H<134><247><
13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4><10><
19><7>Equifax1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
Authority0<30><23><13>070625151303Z<23><13>090625151303Z0<129><198>1
EAP-Message =
<11>0<9><6><3>U<4><6><19><2>DK1<26>0<24><6><3>U<4><10><19><17>radius.my.dom.
ain1<19>0<17><6><3>U<4><11><19><10>GT28164278110/<6><3>U<4><11><19>(See
www.geotrust.com/resources/cps (c)071705<6><3>U<4><11><19>.Domain Control
Validated - QuickSSL
Premium(R)1<26>0<24><6><3>U<4><3><19><17>radius.my.dom.ain0<129><159>0<13><6
><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><
129><0><161><228><145>e<29><236>66<130><182><222>e<242><161>=<140>)<172><188
><235><227><220><135><233><15><24><197>
EAP-Message =
<11><5>]<181><173>J<129><161>v<202>,Z<20>L_$<127>5<129><169><246>L<196><179>
<230>c<165>i<246><190><22><135>j=<250>1,<127><152>n*<183>/<192><147><158>!<1
53><208>b<161><232><242><249><200><166><14>b<253>Q<151><249>?B<182><224><173
>}<253><30>u<<16>$#c<132>l<24><146>`<151>-!<207><140>E<240>1<208>N<155>2k0<1
75><19><26>:<227>Q<2><3><1><0><1><163><129><174>0<129><171>0<14><6><3>U<29><
15><1><1><255><4><4><3><2><4><240>0<29><6><3>U<29><14><4><22><4><20>mu<198>\
<205><133>'h|<146>6<205><193><238><159><243>y<154><134>g0:<6><3>U<29><31><4>
3010/<160>-<160>+<134>)http://crl.geotrust.com/crls/secureca.crl0<31><6><3>U
<29>#<4><24>0<22><128><20>H<230>h<249>+<210><178><149><215>G<216>#
<16>O3<152><144><159><212>0
EAP-Message =
<29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8>+<6><1><5><5><
7><3><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>N<12>
g&<165><9><228><207><146><20><161><244>m<208>9yD<155>8<140>)<159><178><168><
15>5<167>}<17><182><158>8l<238><18><181>tE<154><163><178>}<2><177><20>}<209>
hoJ<199>-<234>Ro3<26><127><3><209><222><178><175><152><248><179>kE<232>G(m<1
56>T<176><137>MN<201>
c<207><244>a-<230>@Y)<134>V<255>R<176>w<188>K3<202>Bwo<215>,<229>D<231>@<137
><184>h<177><143><176><12>3l<149>[<175>1<179><222>5<224>W<5><0><3>$0<130><3>
0<130><2><137><160><3><2><1><2><2><4>5<222><244><207>0<13><6><9>*<134>H<134>
<247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4
><10><19><7>Equifax1-0+
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 29
Thu Nov 1 14:32:51 2007: DEBUG: Packet dump:
*** Received from 130.225.126.187 port 1814 ....
Code: Access-Request
Identifier: 27
Authentic: 7<215><153>R<156><209><172>gZ<160>+zXa<252><131>
Attributes:
NAS-IP-Address = 192.168.199.12
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "anonymous at my.dom.ain"
Calling-Station-Id = "00-90-4B-BC-05-74"
Called-Station-Id = "00-11-85-50-3C-AF"
NAS-Identifier = "AP420.12"
EAP-Message = <2><3><0><6><21><0>
Message-Authenticator =
MN<153>pH<19><182><179><133><136>C<8><131><5>b<232>
Proxy-State = 30
Thu Nov 1 14:32:51 2007: DEBUG: Handling request with Handler
'User-Name=anonymous at my.dom.ain'
Thu Nov 1 14:32:51 2007: DEBUG: Deleting session for anonymous at my.dom.ain,
192.168.199.12, 0
Thu Nov 1 14:32:51 2007: DEBUG: Handling with Radius::AuthFILE:
AD-sund-ttls
Thu Nov 1 14:32:51 2007: DEBUG: Handling with EAP: code 2, 3, 6
Thu Nov 1 14:32:51 2007: DEBUG: Response type 21
Thu Nov 1 14:32:51 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
Thu Nov 1 14:32:51 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Thu Nov 1 14:32:51 2007: DEBUG: Access challenged for anonymous at my.dom.ain:
EAP TTLS Challenge
Thu Nov 1 14:32:51 2007: DEBUG: Packet dump:
*** Sending to 130.225.126.187 port 1814 ....
Code: Access-Challenge
Identifier: 27
Authentic: 7<215><153>R<156><209><172>gZ<160>+zXa<252><131>
Attributes:
EAP-Message = <1><4><2><236><21><0><6><3>U<4><11><19>$Equifax Secure
Certificate
Authority0<30><23><13>980822164151Z<23><13>180822164151Z0N1<11>0<9><6><3>U<4
><6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax1-0+<6><3>U<4><11><19>$Eq
uifax Secure Certificate
Authority0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><
141><0>0<129><137><2><129><129><0><193>]<177>Xg<8>b<238><160><154>-<31><8>m<
145><20>h<152><10><30><254><218><4>o<19><132>b!<195><209>|<206><159><5><224>
<184><1><240>N4<236><226><138><149><4>d<172><241>kS_<5><179><203>g<128><191>
B<2><142><254><221><1>
EAP-Message =
<9><236><225><0><20>O<252><251><240><12><221>C<186>[+<225><31><128>p<153><21
>W<147><22><241><15><151>j<183><194>h#<28><204>MY0<172>Q<30>;<175>+<214><238
>cE{<197><217>_P<210><227>P<15>:<136><231><191><20><253><224><199><185><2><3
><1><0><1><163><130><1><9>0<130><1><5>0p<6><3>U<29><31><4>i0g0e<160>c<160>a<
164>_0]1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax
1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
Authority1<13>0<11><6><3>U<4><3><19><4>CRL10<26><6><3>U<29><16><4><19>0<17><
129><15>20180822164151Z0<11><6><3>U<29><15><4><4><3><2><1><6>0<31><6><3>U<29
>#<4><24>0<22><128><20>H<230>h<249>+<210><178>
EAP-Message = <149><215>G<216>#
<16>O3<152><144><159><212>0<29><6><3>U<29><14><4><22><4><20>H<230>h<249>+<21
0><178><149><215>G<216>#
<16>O3<152><144><159><212>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<26><6><
9>*<134>H<134><246>}<7>A<0><4><13>0<11><27><5>V3.0c<3><2><6><192>0<13><6><9>
*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>X<206>)<234><252><247><2
22><181><206><2><185><23><181><133><209><185><227><224><149><204>%1<13><0><1
66><146>n<127><182><146>c<158>P<149><209><154>o<228><17><222>c<133>n<152><23
8><168><255>Z<200><211>U<178>fqW<222><192>!<235>=*<167>#I<1><4><134>B{<252><
238><127><162><22>R<181>gg<211>@<219>;&X<178>(w=<174><20>wa<214><250>*f'<160
><13><250><167>s\<234>p<241><148>!eD_<250><252><239>)h<169><162><135>y<239>y
<239>O<172><7>w8<22><3><1><0><4><14><0><0><0>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 30
Thu Nov 1 14:32:52 2007: DEBUG: Packet dump:
*** Received from 130.225.126.187 port 1814 ....
Code: Access-Request
Identifier: 28
Authentic: 7<27><204><254><194><197>k<205><28><143>M<131><214><8><13>b
Attributes:
NAS-IP-Address = 192.168.199.12
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "anonymous at my.dom.ain"
Calling-Station-Id = "00-90-4B-BC-05-74"
Called-Station-Id = "00-11-85-50-3C-AF"
NAS-Identifier = "AP420.12"
EAP-Message =
<2><4><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130><0><12
8>iX`r<167><224><224><7>l'<185>`%%<227><216><252>`C<230>2<253><245><29><20><
138><167><179><179><145><7><181>U"<29>Z!=<224>Y<130><140><241><240><0>N$<220
>E9D<156><225><174><202><149>0<14><224><226><164>6<152>1<184><6><128><163><1
81><216>f+q<139><182>k&<182>*5T<136><0><238>h<247><188><149>U<21>FAV<19>bl<2
23>n<153>Q<22><6>y<175><254><183><181><8><231>1<247>t<153><134><131><252>~O<
14><176>R<153><238>vv^\<144><20><3><1><0><1><1><22><3><1><0>(<135>M<188>"B<2
25>D<152>"<185><229><136><142><254><143><176>}<190><247><158><13><137><248><
236><21>a<245><19>q5<141><248>b<237>6e<240><249><127><200>
Message-Authenticator =
k<152>C<187><28><145><255><132><136><176><18><173><180>M<133><244>
Proxy-State = 31
Thu Nov 1 14:32:52 2007: DEBUG: Handling request with Handler
'User-Name=anonymous at my.dom.ain'
Thu Nov 1 14:32:52 2007: DEBUG: Deleting session for anonymous at my.dom.ain,
192.168.199.12, 0
Thu Nov 1 14:32:52 2007: DEBUG: Handling with Radius::AuthFILE:
AD-sund-ttls
Thu Nov 1 14:32:52 2007: DEBUG: Handling with EAP: code 2, 4, 200
Thu Nov 1 14:32:52 2007: DEBUG: Response type 21
Thu Nov 1 14:32:52 2007: DEBUG: EAP TTLS data, 8576, 4, 2
Thu Nov 1 14:32:52 2007: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
Thu Nov 1 14:32:52 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
Thu Nov 1 14:32:52 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Thu Nov 1 14:32:52 2007: DEBUG: Access challenged for anonymous at my.dom.ain:
EAP TTLS Challenge
Thu Nov 1 14:32:52 2007: DEBUG: Packet dump:
*** Sending to 130.225.126.187 port 1814 ....
Code: Access-Challenge
Identifier: 28
Authentic: 7<27><204><254><194><197>k<205><28><143>M<131><214><8><13>b
Attributes:
EAP-Message =
<1><5><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>(g<30>u<165>>8<
173><7>1)<212><0>re<208>i<16><193><167><14>G<10>*eBu<18><6><4><178>vl<198>D<
146><194>Br<23>\
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 31
Thu Nov 1 14:32:52 2007: DEBUG: Packet dump:
*** Received from 130.225.126.187 port 1814 ....
Code: Access-Request
Identifier: 29
Authentic: <233><191><234><235>RGam<135>t<163>F<137>Vu<146>
Attributes:
NAS-IP-Address = 192.168.199.12
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "anonymous at my.dom.ain"
Calling-Station-Id = "00-90-4B-BC-05-74"
Called-Station-Id = "00-11-85-50-3C-AF"
NAS-Identifier = "AP420.12"
EAP-Message =
<2><5><0>W<21><128><0><0><0>M<23><3><1><0>H<12>+Bkz;<137><151><20>5<176><17>
9{]<27><235>PB<168><237><182><17><250><185><217><153>;<199><130>j/<217><130>
P<133>@<237><235><165>Q<200><218>><215><171><161><22>Qh<247><6><149><174><14
6><238><148> uCg=<254><160><231><17><198>z<20><212><18><172>
Message-Authenticator =
z<26>j<227><162>x<221><142>*<4><23><171><194><202>,+
Proxy-State = 32
Thu Nov 1 14:32:52 2007: DEBUG: Handling request with Handler
'User-Name=anonymous at my.dom.ain'
Thu Nov 1 14:32:52 2007: DEBUG: Deleting session for anonymous at my.dom.ain,
192.168.199.12, 0
Thu Nov 1 14:32:52 2007: DEBUG: Handling with Radius::AuthFILE:
AD-sund-ttls
Thu Nov 1 14:32:52 2007: DEBUG: Handling with EAP: code 2, 5, 87
Thu Nov 1 14:32:52 2007: DEBUG: Response type 21
Thu Nov 1 14:32:52 2007: DEBUG: EAP TTLS data, 3, 5, 4
Thu Nov 1 14:32:52 2007: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: UNDEF
Identifier: UNDEF
Authentic: UNDEF
Attributes:
User-Name = "test at my.dom.ain"
User-Password = ******
Thu Nov 1 14:32:52 2007: DEBUG: EAP TTLS inner authentication request for
test at my.dom.ain
Thu Nov 1 14:32:52 2007: DEBUG: Handling request with Handler
'TunnelledByTTLS=1'
Thu Nov 1 14:32:52 2007: DEBUG: Rewrote user name to
test at my.rewrite.dom.ain
Thu Nov 1 14:32:52 2007: DEBUG: Deleting session for test at my.dom.ain,
192.168.199.12,
Thu Nov 1 14:32:52 2007: DEBUG: Handling with Radius::AuthLSA:
AD-sund2-ttls
Thu Nov 1 14:32:52 2007: DEBUG: Radius::AuthLSA looks for match with
test at my.rewrite.dom.ain [test at my.dom.ain]
Thu Nov 1 14:32:52 2007: DEBUG: Radius::AuthLSA ACCEPT: :
test at my.rewrite.dom.ain [test at my.dom.ain]
Thu Nov 1 14:32:52 2007: DEBUG: AuthBy LSA result: ACCEPT,
Thu Nov 1 14:32:52 2007: DEBUG: Access accepted for test at my.rewrite.dom.ain
Thu Nov 1 14:32:52 2007: DEBUG: Returned TTLS tunnelled Diameter Packet
dump:
Code: Access-Accept
Identifier: UNDEF
Authentic: <216>W<218><140><136><161><245>O<29><4>'E<182>h<134>U
Attributes:
Thu Nov 1 14:32:52 2007: DEBUG: EAP result: 0, EAP TTLS inner
authentication redespatched to a Handler
Thu Nov 1 14:32:52 2007: DEBUG: AuthBy FILE result: ACCEPT, EAP TTLS inner
authentication redespatched to a Handler
Thu Nov 1 14:32:52 2007: DEBUG: Access accepted for anonymous at my.dom.ain
Thu Nov 1 14:32:52 2007: DEBUG: Packet dump:
*** Sending to 130.225.126.187 port 1814 ....
Code: Access-Accept
Identifier: 29
Authentic: <233><191><234><235>RGam<135>t<163>F<137>Vu<146>
Attributes:
MS-MPPE-Send-Key =
<164><177>/l<214><2>N<217><12><219><214>'j<134>B^o_<158>$:#<214><167><13>"P<
183><176>G<145><184>L<20>I<244><11><166>*3wo<225><231>5<12><210><254><5><30>
MS-MPPE-Recv-Key =
<212><169>%I<245><14><212><196>g<197>6H,t<239><209><136><21><142><27><147>C<
127>s<31><24><199><186>tN<160><166>K[<161><197><233><221><205>x2<151><165>>.
<180><185>O<195><172>
EAP-Message = <3><5><0><4>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 32
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list